
Firewall rules?

I am interested in learning about firewall rules and whatnot. Does anyone know where I can find an entry-level guide to firewall rules? I'm not talking about firewall rules, but the kind I can add to home FW software. Some allow customizable rules, and I would like to learn them.

Most important thing: nearly all firewalls are the same. I mean they all say that their firewall is the best, but they all use iptables. If you know all about iptables, you already know nearly everything about firewalls. And if you fire up your BT and type iptables on the command line you will see that it's included in (nearly?) every Linux distro.

I am interested in learning about firewall rules and whatnot. Does anyone know where I can find an entry-level guide to firewall rules? I'm not talking about firewall rules, but the kind I can add to home FW software. Some allow customizable rules, and I would like to learn them.

That's kind of confusing. You want an "entry level guide to firewall rules" but you're "not talking about firewall rules"?

What I'd suggest is that you do some basic reading on TCP/IP, specifically around how TCP/UDP ports and IP source/destination addresses are represented in packets, and also around how a TCP session is established.

A firewall is essentially just a device that allows or denies packets based on rules that match particular subsets of this information. Better firewalls can also consider the state of a connection and filter based on this as well - this can be determined for TCP because it's a stateful protocol, plus there are fudges for UDP and ICMP to allow state to be determined for them. So-called stateful filtering allows you to specify a rule to match the initial packet in a communication, and have all the other packets in that communication matched automatically by the rule.

So, for example, if you want to allow outgoing HTTP traffic through a firewall protecting an internal network, you normally would create a rule that allows traffic that has a source address from your internal network, a destination address of any, and a destination TCP port of 80 that is received by the internal interface of your firewall. On a stateful firewall this rule would also allow replies; on a non-stateful firewall you would need to create an opposite rule, allowing external packets to enter the network going to your internal machines from a TCP source port of 80. This is a somewhat simplified example because HTTP communications can also occur over ports other than port 80, and I've left out some detail about TCP flags in stateful firewall rules, but it demonstrates the general idea of how firewall rules work.

So, knowing how to create a custom firewall rule requires you to know how TCP/IP communications occur, as well as knowing particular characteristics about how that communication works.

A good way to learn about this is to set up a Linux firewall on your network (IPCop with the Block Outgoing Traffic addon is what I started with), block ALL traffic, and then selectively allow traffic until the communications you want to use can work. Use Wireshark and the firewall logs to see what's being blocked and what's being sent.

Originally Posted by floyd

I mean they all say that their firewall is the best, but they all use iptables. If you know all about iptables, you already know nearly everything about firewalls. And if you fire up your BT and type iptables on the command line you will see that it's included in (nearly?) every linux distro.

Most Linux distros have it, yes. The requirements are to have the Netfilter extensions compiled into the Linux kernel and to have the iptables binary on the system. Some embedded Linux solutions don't have it - the Linux kernel on my Buffalo NAS device didn't have it (until I installed a modified kernel).

Originally Posted by floyd

If your "home FW software" doesn't allow iptables rules, it sucks

Or it's Windows (which might be the same thing as saying it sucks...). Iptables is Linux only; it's the interface to the Netfilter extensions in the kernel - Netfilter is the software inside the kernel that actually does the packet filtering, iptables does the configuration of Netfilter. Other platforms have different firewalling software - BSD for example has "pf".

Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
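The outgoing-HTTP example and the "block everything, then allow selectively" approach from the reply above, worked through as an added example that is not part of the thread. It is a toy packet filter written for this page (nobody's real firewall code): a default-DROP policy, the outbound port-80 rule, the "opposite" rule a non-stateful firewall needs, and a minimal connection table standing in for Netfilter's conntrack. The addresses and packets are constructed sample data; the iptables lines in the comments are the standard equivalents of each rule set. It also shows the thing the reply only hints at: the stateless reverse rule lets any outside host reach any internal port as long as it sets source port 80, while the stateful version only admits replies to a connection the inside started.

```python
"""Toy stateless vs stateful packet filter (illustrative, not Netfilter code)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrives on: "lan" (internal) or "wan"
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag
    ack: bool = False   # TCP ACK flag; SYN without ACK is the first packet of a session

    def flow(self):
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reverse_flow(self):
        return (self.proto, self.dst, self.dport, self.src, self.sport)


@dataclass
class Rule:
    action: str                     # "ACCEPT" or "DROP"
    iface: Optional[str] = None
    proto: Optional[str] = None
    src_net: Optional[str] = None   # dotted prefix such as "192.168.1." (stands in for a /24)
    dst_net: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    state: Optional[str] = None     # "NEW" or "ESTABLISHED"; only meaningful when stateful

    def matches(self, pkt: Packet, pkt_state: Optional[str]) -> bool:
        # Every field that is set must match; unset fields match anything.
        return all([
            self.iface is None or self.iface == pkt.iface,
            self.proto is None or self.proto == pkt.proto,
            self.src_net is None or pkt.src.startswith(self.src_net),
            self.dst_net is None or pkt.dst.startswith(self.dst_net),
            self.sport is None or self.sport == pkt.sport,
            self.dport is None or self.dport == pkt.dport,
            self.state is None or self.state == pkt_state,
        ])


class Firewall:
    def __init__(self, rules, stateful: bool, policy: str = "DROP"):
        self.rules = list(rules)
        self.stateful = stateful
        self.policy = policy        # default policy: block ALL, then allow selectively
        self.conntrack = set()      # flows the inside has opened (a stand-in for conntrack)

    def classify(self, pkt: Packet) -> Optional[str]:
        if not self.stateful:
            return None
        if pkt.flow() in self.conntrack or pkt.reverse_flow() in self.conntrack:
            return "ESTABLISHED"
        return "NEW"

    def filter(self, pkt: Packet) -> str:
        state = self.classify(pkt)
        # The TCP-flags detail the reply glossed over: a packet with no connection
        # entry only counts as NEW if it is a bare SYN; anything else is out of session.
        if state == "NEW" and pkt.proto == "tcp" and not (pkt.syn and not pkt.ack):
            return self.policy
        for rule in self.rules:
            if rule.matches(pkt, state):
                if rule.action == "ACCEPT" and state == "NEW":
                    self.conntrack.add(pkt.flow())   # remember the session so replies match
                return rule.action
        return self.policy


INTERNAL = "192.168.1."   # constructed sample internal network

# Non-stateful: the outbound HTTP rule plus the "opposite" rule needed for replies.
#   iptables -P FORWARD DROP
#   iptables -A FORWARD -i lan -s 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT
#   iptables -A FORWARD -i wan -d 192.168.1.0/24 -p tcp --sport 80 -j ACCEPT
STATELESS_RULES = [
    Rule("ACCEPT", iface="lan", proto="tcp", src_net=INTERNAL, dport=80),
    Rule("ACCEPT", iface="wan", proto="tcp", dst_net=INTERNAL, sport=80),
]

# Stateful: replies are admitted because they belong to a tracked session,
# not because of the port number they carry.
#   iptables -P FORWARD DROP
#   iptables -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
#   iptables -A FORWARD -i lan -s 192.168.1.0/24 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
STATEFUL_RULES = [
    Rule("ACCEPT", state="ESTABLISHED"),
    Rule("ACCEPT", iface="lan", proto="tcp", src_net=INTERNAL, dport=80, state="NEW"),
]


def run_scenarios(stateful: bool) -> dict:
    """Push four constructed packets through one firewall and report each verdict."""
    fw = Firewall(STATEFUL_RULES if stateful else STATELESS_RULES, stateful=stateful)
    client_syn = Packet("lan", "tcp", "192.168.1.10", 40000, "203.0.113.5", 80, syn=True)
    server_synack = Packet("wan", "tcp", "203.0.113.5", 80, "192.168.1.10", 40000, syn=True, ack=True)
    # Outside host sets source port 80 to look like a web reply and probes SSH inside.
    spoofed_probe = Packet("wan", "tcp", "198.51.100.7", 80, "192.168.1.10", 22, syn=True)
    # Nothing allows HTTPS yet, so default deny applies until a rule is added.
    https_attempt = Packet("lan", "tcp", "192.168.1.10", 40001, "203.0.113.5", 443, syn=True)
    return {
        "client_syn": fw.filter(client_syn),
        "server_synack": fw.filter(server_synack),
        "spoofed_probe": fw.filter(spoofed_probe),
        "https_attempt": fw.filter(https_attempt),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("stateful" if mode else "stateless", run_scenarios(mode))
```

Run it and compare the two `spoofed_probe` verdicts: the stateless rule set accepts the probe to port 22 purely because its source port is 80, which is exactly why the reply calls the reverse rule a simplification and why conntrack-based rules are the normal way to write this on iptables.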